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Abstract 

Background: The increased use of human biological material for cell-based research and clinical interventions 
poses risks to the privacy of patients and donors, including the possibility of re-identification of individuals from 
anonymized cell lines and associated genetic data. These risks will increase as technologies and databases used for 
re-identification become affordable and more sophisticated. Policies that require ongoing linkage of cell lines to donors' 
clinical information for research and regulatory purposes, and existing practices that limit research participants' ability 
to control what is done with their genetic data, amplify the privacy concerns. 

Discussion: To date, the privacy issues associated with cell-based research and interventions have not received much 
attention in the academic and policymaking contexts. This paper, arising out of a multi-disciplinary workshop, aims to 
rectify this by outlining the issues, proposing novel governance strategies and policy recommendations, and identifying 
areas where further evidence is required to make sound policy decisions. The authors of this paper take the position 
that existing rules and norms can be reasonably extended to address privacy risks in this context without compromising 
emerging developments in the research environment, and that exceptions from such rules should be justified using a 
case-by-case approach. In developing new policies, the broader framework of regulations governing cell-based research 
and related areas must be taken into account, as well as the views of impacted groups, including scientists, research 
participants and the general public. 

Summary: This paper outlines deliberations at a policy development workshop focusing on privacy challenges 
associated with cell-based research and interventions. The paper provides an overview of these challenges, 
followed by a discussion of key themes and recommendations that emerged from discussions at the workshop. The 
paper concludes that privacy risks associated with cell-based research and interventions should be addressed through 
evidence-based policy reforms that account for both well-established legal and ethical norms and current knowledge 
about actual or anticipated harms. The authors also call for research studies that identify and address gaps in 
understanding of privacy risks. 
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Background 

Uses of human biological materials for cell-based research 
and interventions have re-ignited persistent worries re- 
garding the protection of genetic privacy in an era where 
openness, sharing, and access to affordable and accessible 
genetic testing technologies are increasingly commonplace. 
While the privacy challenges associated with cell-based re- 
search and interventions are by no means unique, they 
have become more evident in light of the considerable 
public interest and scientific excitement surrounding 
ground-breaking recent discoveries in the field, such as 
induced pluripotent stem cells (iPSCs) [1,2], somatic-cell 
nuclear transfer (SCNT) derived human embryonic stem 
cells (hESCs) [3] and triploid human embryonic stem cells 
(hESCs) [4]. In this article, we examine and offer recom- 
mendations for addressing these privacy challenges through 
the lens of cell-based research and interventions, while 
recognizing that the derivation and sharing of stem cell 
lines are a critical part of good scientific practice [5], and 
that the privacy challenges discussed here are engaged 
equally (or perhaps more markedly) in other contexts, 
such as in relation to genetic research and biobank datasets. 
Indeed, our discussion of the stem cell context will ne- 
cessarily canvass and draw upon the academic literature 
on privacy issues facing genetic research. 

In the context of cell-based research and interventions, a 
specific concern relates to potential privacy risks surround- 
ing research uses of iPSCs. There is emerging scientific 
consensus that these stem cell lines retain substantial 
genetic characteristics of the parent/donor somatic cell 
or tissue [6,7]. Accordingly, an individual could be re- 
identified from anonymized or anonymous genetic data 
derived from such cell lines. Moreover, in most cases, cell 
lines will be linked to the donor's clinical information for 
both research and regulatory purposes [8]. Insecure hand- 
ling or misuse of these lines and associated clinical informa- 
tion could also result in disclosure of personal information 
to unauthorized parties. The highly collaborative nature of 
cell therapy research and the transnational movement of 
stem cell lines and associated health information reinforce 
privacy concerns, and have generated calls for policy inter- 
vention [9-11]. Privacy concerns, among other ethical and 
legal issues associated with cross-jurisdictional transfer of 
stem cell lines, also suggest a need for harmonization of 
policy responses across jurisdictions [12-15]. Indeed, it has 
been observed that conceptual and logistical impediments 
to international sharing of biological resources can be 
overcome by harmonizing privacy standards through a 
continuing process that fosters the interplay of different 
national viewpoints [16]. 

Furthermore, recent studies have demonstrated the 
possibility of re-identifying research participants from 
anonymized genetic data [17-19] by linking such data 
with freely available information in the public domain, 



such as familial database records, and demographic infor- 
mation obtained through Internet searches [10,18,20-22]. 
However, these re-identification studies currently require 
highly sophisticated technical ability and technological 
resources, and involve complex and specialized processes, 
with very limited success rates [23]. Also, institutional data 
use policies may preclude or impose stringent conditions 
on re-identification of research participants from anon- 
ymized genetic data or other health information. While it 
is possible that re-identification could become easier or 
more successful with advances in data linkage technologies, 
and proliferation of reference databases (including geneal- 
ogy websites, genome-phenome data banks, and linked 
electronic medical records) [18,22,24,25], the potential risks 
of re-identification are presently neither manifest nor 
pressing in magnitude or feasibility [26]. That said, the 
potential for re-identification has generated significant 
policy and media attention and scrutiny [27-34]. 

It has been suggested that re-identification may cause 
a variety of harms, including harms to donors' privacy 
interests [9,10], the possibility of genetic discrimination 
in the context of employment, health care, and life and 
medical insurance [35-37], and inappropriate disclosure of 
stigmatizing, embarrassing or incriminating genetic infor- 
mation [10,35,38]. Also, unauthorized re-identification of 
anonymous research participants could undermine public 
trust in genetic research and result in public reluctance to 
donate biological material for genomics research [39,40]. 
However, there is presently little evidence to support fears 
that these harms will materialize [21,41,42]. Genetic 
discrimination in insurance, for example, is uncommon 
because the predictive ability of genetic testing is limited, 
and most of the information that would arise is already 
disclosed through evaluation of family and medical history 
[36,42-44]. 

The foregoing privacy concerns are made more sensitive 
by emerging practices that challenge well-established legal 
and ethical norms. For instance, consent models, such 
as broad consent — which enable donors to consent to 
prospective, as-yet-unknown research uses of their donated 
materials — are increasingly common in genomics and re- 
lated research contexts [45-47]. Likewise, an increasing 
number of policy instruments limit the right to withdraw 
consent to the use of donated biological materials to a 
time before the materials are used for research or a stem 
cell line is created [45,48-53]. These practices remain con- 
troversial and have generated significant discussion in the 
academic community [52-56]. In many jurisdictions, in- 
cluding Canada, Australia, the U.S. and the E.U, voluntary 
informed consent to identified or specific research studies 
is required by applicable policies [57-62]. However, re- 
search ethics committees (RECs) can approve studies that 
depart from this rule, on a case-by-case basis, but only if 
there is minimal risk to participants and the failure to 
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obtain consent will not adversely affect participant welfare, 
or if it would be impossible or impractical to carry out the 
research without prior consent from participants [57-59]. 

Given the significant public interest in cell-based re- 
search and interventions, privacy is likely to be a hot area 
of policy debate. However, to date, there have been few, 
if any, attempts to examine the privacy issues arising in 
this context, or to formulate proactive evidence-based 
policy guidance to address associated risks. To this end, 
and under the auspices of the Office of the Privacy Com- 
missioner of Canada Contributions Program, we convened 
a workshop to facilitate focused scholarly and policy reflec- 
tion and analysis on the privacy risks and issues associated 
with cell-based research and interventions. Workshop par- 
ticipants consisted of the authors of this paper, and repre- 
sent a multi-institutional, multidisciplinary group of legal 
scholars, bioethicists, privacy experts, data security experts, 
bioinformaticians, stem cell scientists, and trainees in all 
these areas. Using a workshop format we have successfully 
employed in the past to generate debate and consensus on 
policy recommendations [8,63,64], participants presented 
on and discussed the following topics: cell-based research 
and interventions, current governance regimes and associ- 
ated challenges, data security and re-identification studies, 
privacy and open access, and consent requirements. 
Following the presentations, recommendations formu- 
lated by the workshop conveners (Ogbogu, Caulfield and 
Burningham) were presented for deliberation and revision. 
In the next section, we outline key themes and specific 
policy recommendations that emerged from the discus- 
sions at the workshop. 

Discussion 

Theme 1: Re-identification risk is a moving target 

Recent research studies have demonstrated the possibility 
of successful re-identification of de-identified genetic data 
[18,19]. While these studies raise serious questions about 
whether de-identification-based privacy guarantees are 
adequate to protect research participants against unlawful 
use and disclosure of their genetic information, it should 
be borne in mind that re-identification attacks are presentiy 
technologically rigorous and expensive, have limited suc- 
cess rates, and require specialized equipment and access 
to other health data. Re-identification attacks therefore do 
not currently raise a level of risk that should be met with 
restrictive policies, such as restrictions on open access and 
on sharing of genetic research data. Open access policies 
should be combined with acceptable use or data use agree- 
ments that prohibit re-identification and/or misuse. 

The risk of re-identification may increase as technology 
improves and/or publicly accessible databases containing 
genetic information linkable to identifiable individuals 
become more widespread. Policies designed to prevent 
unauthorized re-identification should be based on evidence 



of actual or anticipated harm, and incorporate processes for 
ongoing evaluation of anticipated risk or harm. 

Theme 2: Informed consent: "The devil is in the defaults" 3 

As previously stated, many jurisdictions require researchers 
to inform research participants about and obtain their con- 
sent to specific research uses of their biological materials 
and associated genetic or other health information. This 
requirement is typically subject to limited exceptions and 
must be complied with prior to commencement of re- 
search. Participants must also be made aware of any legally 
or ethically sanctioned limits to exercising meaningful 
control over their personal health or genetic information 
once the research has commenced. 

To ensure "a consistent floor of privacy protections" [34], 
p. 5, these policies should be maintained as the default in 
relation to uses and disclosure of genetic information and 
associated health data. Departure from the default rules 
may be warranted, but only where the public interest in the 
departure clearly outweighs a corresponding public interest 
in protecting and preserving individual privacy and auton- 
omy. The rationale for setting aside the default rules must 
be clearly and specifically demonstrated, and balanced 
against actual evidence of consequent benefits and risks. 
This approach is necessarily case-specific, and should be 
implemented by a body or institution that is familiar with, 
or structured to obtain and incorporate into its deliberative 
and decision-making process, multiple perspectives on the 
research context, associated privacy challenges, participant 
preferences, and the risks and benefits of proposed excep- 
tions. While it remains an open question whether or not 
RECs can fulfill these roles within the scope of their 
present mandates [65], an emerging alternative is the 
establishment of data access committees that are charged 
with the responsibility of overseeing requests or applica- 
tions for research use and disclosure of personal health 
data, and with monitoring and responding to privacy chal- 
lenges resulting from innovations in health research [26,65]. 

Theme 3: Beyond re-identification risk and consent: 
grounding the default in a "big picture" view of policy 
development and analysis 

There is a need to move scholarly reflection beyond 
discussion of re-identification risks and consent issues 
surrounding research involving human biological materials. 
To encourage a shift in focus, researchers should prioritize 
two other relevant areas: the broader framework of policies 
and regulations applicable to privacy issues in this context 
(such as the impact of access to information law on partici- 
pant rights and researcher responsibilities), and studies of 
affected groups' views, such as the views of research partici- 
pants, the public, and researchers working in this area. 
Some work has been done in both areas, including studies 
of public and stakeholder opinions [66-68] and a recent 
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analysis of Canadian judicial doctrine and its implications 
for participants' rights of continued access to and control 
over genetic and other health information [69]. However, 
de-identification is still an important tool in the privacy 
"tool-box". Even though de-identification of cell lines may 
not guarantee privacy, it is one tool to employ in the 
construction of a privacy framework and will work in 
conjunction with other approaches, such as education 
and strengthening of governance mechanisms. 

In accordance with this "big picture" approach to policy 
development, default rules should be broadly based on 
existing policy rules and norms, including privacy and 
access to information laws, research ethics guidelines, 
government reports and white papers, and non-binding 
policy statements issued by influential scientific or research 
ethics organizations [34,70-80] . Gaps and warranted excep- 
tions should be addressed through governance mechanisms 
designed to balance competing public interests that arise in 
this research context. To facilitate cross-border research 
collaborations, national policies should be designed to 
allow for harmonization with other jurisdictions. 

Lastly, affected groups' perspectives must be taken into 
account in designing policy, including the views of scien- 
tists, clinicians, institutional managers and research partic- 
ipants. Research on missing or incomplete perspectives 
should be encouraged and prioritized. Specifically, these 
groups should be included in policy deliberations and in 
the actual policy-making process, in addition to more 
traditional "top down" approaches to public consultation 
such as public opinion surveys, focus groups and public 
commentary. 

Recommendation #1: Changes to existing policies 

Existing legal and ethical policies (including privacy and 
access to information laws and research ethics policies) 
should be extended to cover research involving human 
biological material that contains identifiable genetic infor- 
mation about a research participant. No special rules or 
exceptions need apply. Specifically: 

i. research participants must be informed of known 
risks of re-identification of de-identified genetic data 
at the time of donation and consent; 

ii. researchers and research institutions should 
inform research participants about new risks of 
re-identification as they emerge; 

iii. researchers and institutions seeking to use or share 
human biological material and/or de-identified genetic 
data must have policies and processes in place to 
monitor and respond to re-identification risks, including 
but not limited to controlled access mechanisms; b 

iv. legal definitions of "personal information", "personal 
health information" and similar terms should be 
expanded to include "human biological material"; 



v. the term "information custodian" and other similar 
terms in privacy and access to information 
legislation should be defined to include "persons or 
institutions that collect, use, share or disclose 
human biological material or genetic information 
derived from such samples"; 

vi. institutional sharing policies should address privacy 
protections for associated clinical health information 
collected with human biological material; 

vii. policymakers should seek to harmonize policies 
across jurisdictions, and to coordinate monitoring 
and enforcement processes; 

viii. institutions should work out inter-institutional 
arrangements to deal with privacy issues either 
through delegated or centralized review; and 

ix. privacy regulators should establish mechanisms to 
monitor technological developments and review and 
update best practices in relation to privacy risks 
attending to research uses of human biological 
materials. 

Recommendation #2: Changes to governance mechanisms 

The role of RECs in privacy governance in the context of 
cell-based research should be clarified. At the moment, 
some hurdles may stand in the way of effective oversight, 
including the fact that RECs may lack experience in 
privacy matters or may exchange rigorous ethics review 
for bureaucratic box checking [65,81,82]. Accordingly, 
legislation and relevant policies should set out dedicated 
governance frameworks to monitor and respond to privacy 
challenges in the context of cell-based research. Options to 
consider include: 

i. revising membership requirements to include 
mandatory representation by a privacy expert or IT 
security specialist; or 

ii. establishing an independent "data access committee" 
to review research protocols that raise significant 
privacy concerns (perhaps on a referral basis from 
RECs) and to provide general guidance in response 
to anticipated or existing privacy challenges. 

Summary 

Addressing privacy challenges and issues facing cell-based 
research and interventions requires collaborative reflection 
among and response from multiple interested parties, 
including scientists, privacy experts, bioethicists, legal 
scholars and policymakers. This paper outlines the first 
attempt at such an endeavour, and provides a summary 
of key themes and recommendations to facilitate and 
guide both future discussions and policymaking activities 
in this context. While the issues canvassed in the paper, 
chiefly the privacy risks surrounding ongoing linkage of 
stem cell lines to research participants' genetic and clinical 
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information, deserve scholarly and policy scrutiny, they 
are not necessarily unique. They must therefore be met 
with measured evidence-based policy reforms that account 
for both well-established legal and ethical norms and 
current knowledge about actual or anticipated harms. 
Research on privacy issues in this context should focus 
on gaps in knowledge, such as canvassing the views of 
persons or groups whose interests are most likely to be 
affected. Lasdy, policy development in this context must 
be necessarily proactive and aimed primarily at maintain- 
ing public trust in and support for cell-based research and 
interventions. 

Endnotes 

"This phrase is borrowed from Ian Kerr's presentation 
at the workshop, and is referenced in his earlier editorial 
discussing Facebook and privacy [83]. 

b In controlled-access agreements, one party agrees to 
provide the other with access to specific data or material 
on certain conditions relating to security practices or 
confidentiality [84]. 
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